Privacy Policy
Sagax Security Partners — Privacy Policy
Effective: September, 2025
Who we are
Sagax Security Partners, LLC (“Sagax Security Partners,” “we,” “us”).
Website: www.sagaxsecuritypartners.com
Short Notice at Collection
We collect identifiers/contact details, professional information, technical data (cookies/logs), and service records to provide and secure our services, communicate with you, and meet legal obligations. We do not sell or share personal information for cross-context behavioral advertising. See details below and manage cookies in “Your Choices.”
1) Scope & Roles
We act as an independent controller for our website, marketing, and business operations. When delivering client services (e.g., cybersecurity consulting, OSINT and private-investigator-style online investigations, security engineering, fractional CISO/vCISO), we typically act as a processor/service provider under the client’s instructions and a data-processing agreement (DPA).
2) What We Collect
- Identifiers & contact: name, email, phone, employer, role, postal address, IP address.
- Professional & service data: proposals, SOWs, communications, tickets, billing, usage logs tied to services/tools we manage.
- OSINT/investigation data: information from lawful public or licensed sources (e.g., domains/DNS, breach corpora, public records, websites, social platforms), processed lawfully and minimally.
- Technical data: device/browser details, cookie IDs, log timestamps/headers, coarse location.
- Sensitive data: not intentionally collected; if encountered incidentally, handled only as permitted and necessary.
We do not knowingly collect children’s data; services are for business users.
3) Sources
Directly from you or your employer; public/OSINT and licensed data sources; service providers (hosting, email/telemetry, analytics, payments); and systems we assess or manage.
4) How We Use Data & Legal Bases
- Provide and improve services (consulting, investigations, security operations, support) — Contract, Legitimate interests, and where required Legal obligation.
- Communications & B2B marketing — Legitimate interests or Consent where required; unsubscribe anytime.
- Security (detect/prevent/investigate incidents, maintain logs, fraud prevention) — Legitimate interests / Legal obligation.
- Billing, vendor, and compliance — Contract / Legal obligation.
- Website analytics & cookies — Consent for non-essential cookies; Legitimate interests for strictly necessary cookies.
US disclosure: We do not sell personal information and do not share it for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals.
5) Cookies & Similar Technologies
We use strictly necessary cookies for security and functionality and, with consent, analytics cookies to improve the site. Manage preferences via our cookie banner and your browser settings; we honor GPC.
6) Disclosures
We disclose data to: trusted processors (hosting, communications, analytics, CRM, e-signature, payments), clients (when acting as processor), professional advisors under confidentiality, authorities where required, or parties to a business transfer under safeguards. Processors must follow our instructions and implement appropriate security.
7) International Transfers
Where EEA/UK/Swiss data is transferred internationally, we rely on adequacy decisions and/or EU/UK Standard Contractual Clauses (SCCs) plus supplementary measures as needed. Copies available on request (with reasonable redactions).
8) Retention
We keep personal data only as long as needed for the purposes above and legal/accounting obligations, then delete or anonymize. Typical periods:
- Marketing contacts until you unsubscribe or after [24] months of inactivity.
- Engagement records: contract term + 4 years.
- Security logs: [90–400] days depending on risk/system.
9) Security
We maintain a security program aligned with NIST CSF and industry standards (least-privilege access, encryption in transit/at rest, secure configuration and vulnerability management, supplier due diligence, logging/monitoring, incident response, backup/DR). If a breach affects your data, we will notify you and regulators as required.
10) Your Rights
- EEA/UK/Swiss: rights to access, rectify, erase, restrict, object, portability, and withdraw consent without affecting prior processing; you may complain to a supervisory authority.
- US (e.g., CA/CO/CT/VA/UT): rights to know/access, correct, delete, and limit use of sensitive data; opt-out of sale/sharing/targeted ads (not applicable here). We honor authorized-agent requests and GPC where applicable.
How to exercise: email clayton.briggs@sagaxsecuritypartners.com with “Privacy Request,” your jurisdiction, and details. We will verify identity (and authority, if an agent) and respond within required timeframes.
11) Notes on OSINT/Investigations
We collect from lawful, publicly accessible or licensed sources for legitimate purposes (e.g., due diligence, fraud prevention, threat/risk assessment, compliance, litigation support), following client instructions and applicable law. We apply data-minimization, necessity, and accuracy principles and avoid retaining irrelevant or excessive data.
12) Children
Our services and site are intended for adults in a business context. We do not knowingly collect data from children.
13) Changes
We may update this policy periodically. The “Effective” date shows the latest version. Material changes will be highlighted on this page and, where appropriate, communicated directly.
Your Choices
- Adjust cookie preferences via the banner or your browser settings; we honor GPC.
- Unsubscribe from marketing using the link in our emails or by contacting us.
- Submit privacy rights requests to clayton.briggs@sagaxsecuritypartners.com.